iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
Alexey Dobriyan ac7f1061c2 proc: fix /proc/*/map_files lookup 
Current code does:

	if (sscanf(dentry->d_name.name, "%lx-%lx", start, end) != 2)

However sscanf() is broken garbage.

It silently accepts whitespace between format specifiers
(did you know that?).

It silently accepts valid strings which result in integer overflow.

Do not use sscanf() for any even remotely reliable parsing code.

	OK
	# readlink '/proc/1/map_files/55a23af39000-55a23b05b000'
	/lib/systemd/systemd

	broken
	# readlink '/proc/1/map_files/               55a23af39000-55a23b05b000'
	/lib/systemd/systemd

	broken
	# readlink '/proc/1/map_files/55a23af39000-55a23b05b000    '
	/lib/systemd/systemd

	very broken
	# readlink '/proc/1/map_files/1000000000000000055a23af39000-55a23b05b000'
	/lib/systemd/systemd

Andrei said:

: This patch breaks criu.  It was a bug in criu.  And this bug is on a minor
: path, which works when memfd_create() isn't available.  It is a reason why
: I ask to not backport this patch to stable kernels.
:
: In CRIU this bug can be triggered, only if this patch will be backported
: to a kernel which version is lower than v3.16.

Link: http://lkml.kernel.org/r/20171120212706.GA14325@avx2
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Pavel Emelyanov <xemul@openvz.org>
Cc: Andrei Vagin <avagin@virtuozzo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-02-06 18:32:43 -08:00
..
9p
fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at
2018-01-01 12:45:37 -07:00
adfs
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
affs
affs: convert to new i_version API
2018-01-29 06:42:20 -05:00
afs
inode->i_version rework for v4.16
2018-01-29 13:33:53 -08:00
autofs4
Merge branch 'userns-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2018-01-30 14:43:12 -08:00
befs
befs: Define usercopy region in befs_inode_cache slab cache
2018-01-15 12:07:54 -08:00
bfs
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
btrfs
Documentation updates for 4.16. New stuff includes refcount_t
2018-01-31 19:25:25 -08:00
cachefiles
fs: annotate ->poll() instances
2017-11-27 16:20:05 -05:00
ceph
Documentation updates for 4.16. New stuff includes refcount_t
2018-01-31 19:25:25 -08:00
cifs
Currently, hardened usercopy performs dynamic bounds checking on slab
2018-02-03 16:25:42 -08:00
coda
Merge branch 'misc.poll' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-01-30 17:58:07 -08:00
configfs
configfs: make ci_type field, some pointers and function arguments const
2017-10-19 16:15:16 +02:00
cramfs
cramfs: fix MTD dependency
2017-12-17 12:20:58 -08:00
crypto
fscrypt: fix build with pre-4.6 gcc versions
2018-02-01 10:51:18 -05:00
debugfs
fs: annotate ->poll() instances
2017-11-27 16:20:05 -05:00
devpts
devpts: fix error handling in devpts_mntget()
2018-01-31 08:48:37 -08:00
dlm
Merge branch 'work.sock_recvmsg' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-01-30 18:59:03 -08:00
ecryptfs
Merge branch 'misc.poll' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-01-30 17:58:07 -08:00
efivarfs
VFS: Kill off s_options and helpers
2017-07-11 06:09:21 -04:00
efs
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
exofs
Currently, hardened usercopy performs dynamic bounds checking on slab
2018-02-03 16:25:42 -08:00
exportfs
ext2
Currently, hardened usercopy performs dynamic bounds checking on slab
2018-02-03 16:25:42 -08:00
ext4
Refactor support for encrypted symlinks to move common code to fscrypt.
2018-02-04 10:43:12 -08:00
f2fs
Refactor support for encrypted symlinks to move common code to fscrypt.
2018-02-04 10:43:12 -08:00
fat
fat: convert to new i_version API
2018-01-29 06:42:20 -05:00
freevxfs
vxfs: Define usercopy region in vxfs_inode slab cache
2018-01-15 12:07:57 -08:00
fscache
AFS development
2017-11-16 11:41:22 -08:00
fuse
Merge branch 'misc.poll' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-01-30 17:58:07 -08:00
gfs2
gfs2: Glock dump performance regression fix
2018-02-01 11:27:11 -07:00
hfs
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
hfsplus
fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at
2018-01-01 12:45:37 -07:00
hostfs
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
hpfs
hpfs: don't bother with the i_version counter or f_version
2017-12-10 12:58:18 -08:00
hugetlbfs
hugetlb: implement memfd sealing
2018-01-31 17:18:39 -08:00
isofs
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
jbd2
jbd2: fix sphinx kernel-doc build warnings
2018-01-10 00:27:29 -05:00
jffs2
Documentation updates for 4.16. New stuff includes refcount_t
2018-01-31 19:25:25 -08:00
jfs
Currently, hardened usercopy performs dynamic bounds checking on slab
2018-02-03 16:25:42 -08:00
kernfs
Merge branch 'misc.poll' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-01-30 17:58:07 -08:00
lockd
lockd: Fix server refcounting
2018-01-24 17:33:57 -05:00
minix
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
nfs
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-01-31 09:25:20 -08:00
nfs_common
lockd: fix "list_add double add" caused by legacy signal interface
2017-11-27 16:45:11 -05:00
nfsd
inode->i_version rework for v4.16
2018-01-29 13:33:53 -08:00
nilfs2
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
nls
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
notify
Merge branch 'misc.poll' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-01-30 17:58:07 -08:00
ntfs
ntfs: remove i_version handling
2018-01-01 10:09:33 -05:00
ocfs2
ocfs2: return error when we attempt to access a dirty bh in jbd2
2018-01-31 17:18:35 -08:00
omfs
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
openpromfs
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
orangefs
Currently, hardened usercopy performs dynamic bounds checking on slab
2018-02-03 16:25:42 -08:00
overlayfs
ovl: check ERR_PTR() return value from ovl_encode_fh()
2018-02-05 09:50:29 +01:00
proc
proc: fix /proc/*/map_files lookup
2018-02-06 18:32:43 -08:00
pstore
fs: pstore: remove unused hardirq.h
2017-11-28 16:39:09 -08:00
qnx4
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
qnx6
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
quota
quota: Check for register_shrinker() failure.
2017-11-29 16:46:48 +01:00
ramfs
mm: make pagevec_lookup() update index
2017-09-06 17:27:26 -07:00
reiserfs
fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at
2018-01-01 12:45:37 -07:00
romfs
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
squashfs
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
sysfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk
2018-02-01 13:36:15 -08:00
sysv
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
tracefs
VFS: Don't use save/replace_mount_options if not using generic_show_options
2017-07-06 03:31:46 -04:00
ubifs
Refactor support for encrypted symlinks to move common code to fscrypt.
2018-02-04 10:43:12 -08:00
udf
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
ufs
Currently, hardened usercopy performs dynamic bounds checking on slab
2018-02-03 16:25:42 -08:00
xfs
Changes since last update:
2018-02-05 13:35:56 -08:00
aio.c
Merge branch 'misc.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-11-17 11:54:55 -08:00
anon_inodes.c
attr.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
bad_inode.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
binfmt_aout.c
fs: fix kernel_read prototype
2017-09-04 19:05:15 -04:00
binfmt_elf_fdpic.c
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-11-17 12:54:01 -08:00
binfmt_elf.c
Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm
2017-11-16 12:50:35 -08:00
binfmt_em86.c
binfmt_flat.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
binfmt_misc.c
fs/binfmt_misc.c: node could be NULL when evicting inode
2017-10-13 16:18:33 -07:00
binfmt_script.c
exec: load_script: kill the onstack interp[BINPRM_BUF_SIZE] array
2017-10-03 17:54:25 -07:00
block_dev.c
Merge branch 'for-4.15/block' of git://git.kernel.dk/linux-block
2017-11-14 15:32:19 -08:00
buffer.c
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-01-31 09:25:20 -08:00
char_dev.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
compat_binfmt_elf.c
compat_ioctl.c
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-11-17 12:54:01 -08:00
compat.c
coredump.c
Merge branch 'misc.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-11-17 11:54:55 -08:00
dax.c
Only miscellaneous cleanups and bug fixes for ext4 this cycle.
2018-02-03 13:49:22 -08:00
dcache.c
Merge branch 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs
2018-02-05 13:05:20 -08:00
dcookies.c
direct-io.c
iomap: report collisions between directio and buffered writes to userspace
2018-01-08 10:41:39 -08:00
drop_caches.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
eventfd.c
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-01-31 09:25:20 -08:00
eventpoll.c
eventpoll: no need to mask the result of epi_item_poll() again
2017-11-28 19:56:15 -05:00
exec.c
exec: Weaken dumpability for secureexec
2018-01-03 10:13:36 -08:00
fcntl.c
shmem: rename functions that are memfd-related
2018-01-31 17:18:39 -08:00
fhandle.c
vfs: Copy struct mount.mnt_id to userspace using put_user()
2018-01-15 12:07:51 -08:00
file_table.c
vfs: remove unused hardirq.h
2017-12-07 14:23:30 -05:00
file.c
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-01-31 09:25:20 -08:00
filesystems.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
fs_pin.c
Merge branch 'linus' into locking/core, to resolve conflicts
2017-11-07 10:32:44 +01:00
fs_struct.c
fs-writeback.c
writeback: update comment in inode_io_list_move_locked
2018-01-06 09:18:00 -07:00
inode.c
fs: only set S_VERSION when updating times if necessary
2018-01-29 06:42:21 -05:00
internal.h
fs: expose do_unlinkat for built-in callers
2017-11-10 08:48:46 -05:00
ioctl.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
iomap.c
iomap: warn on zero-length mappings
2018-01-29 07:27:24 -08:00
Kconfig
Staging/IIO patches for 4.16-rc1
2018-02-01 09:51:57 -08:00
Kconfig.binfmt
ARM: enable elf_fdpic on systems with an MMU
2017-09-10 19:31:46 -04:00
libfs.c
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
locks.c
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
Makefile
ncpfs: move net/ncpfs to drivers/staging/ncpfs
2017-11-28 13:55:01 +01:00
mbcache.c
mbcache: make sure c_entry_count is not decremented past zero
2018-01-09 23:57:52 -05:00
mount.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mpage.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
namei.c
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-01-31 09:25:20 -08:00
namespace.c
VFS: Handle lazytime in do_mount()
2017-12-09 20:16:33 -05:00
no-block.c
nsfs.c
nsfs: generalize ns_get_path() for path resolution with a task
2017-12-31 16:12:23 +01:00
open.c
ovl: don't allow writing ioctl on lower layer
2017-09-05 12:53:12 +02:00
pipe.c
fs: annotate ->poll() instances
2017-11-27 16:20:05 -05:00
pnode.c
mnt: Make propagate_umount less slow for overlapping mount propagation trees
2017-05-23 08:41:17 -05:00
pnode.h
posix_acl.c
posix_acl: convert posix_acl.a_refcount from atomic_t to refcount_t
2018-01-02 19:27:28 -08:00
proc_namespace.c
Merge branch 'misc.poll' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-01-30 17:58:07 -08:00
read_write.c
Merge branch 'work.iov_iter' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-11-17 12:08:18 -08:00
readdir.c
Merge branch 'linus' into locking/core, to resolve conflicts
2017-11-07 10:32:44 +01:00
select.c
make kernel-side POLL... arch-independent
2017-11-29 19:00:41 -05:00
seq_file.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
signalfd.c
fs: annotate ->poll() instances
2017-11-27 16:20:05 -05:00
splice.c
locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE()
2017-10-25 11:01:08 +02:00
stack.c
stat.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
statfs.c
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
super.c
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-01-31 09:25:20 -08:00
sync.c
Merge branch 'for-4.15/block' of git://git.kernel.dk/linux-block
2017-11-14 15:32:19 -08:00
timerfd.c
fs: annotate ->poll() instances
2017-11-27 16:20:05 -05:00
userfaultfd.c
userfaultfd: convert to use anon_inode_getfd()
2018-01-31 17:18:39 -08:00
utimes.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
xattr.c
lsm: fix smack_inode_removexattr and xattr_getsecurity memleak
2017-10-04 18:03:15 +11:00